...
{
"MetadataAddress": "https://adfs.cloud.weir/FederationMetadata/2007-06/FederationMetadata.xml",
"Wtrealm": "https://onelist-dev.cloud.weir/"
}
Azure AD configuration
DO NOT use the .NET MicrosoftAccount provider for Azure AD. It runs a plain OAuth 2.0 authorization flow and hands back an access token rather than an OpenID Connect ID token, so the custom claims configured on the app registration never reach RoleManager. Only the OpenID Connect (OIDC) flow returns the ID token that carries custom claims.
Steps to register OneList on AAD: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
The Redirect URI for OneList is: https://iqx.onelistapprovals.com/rolemanager/signin-microsoftazure
Azure AD only redirects to URIs that are registered on the app registration, and the comparison is exact (scheme, host and path), so register it verbatim.
If OneList is registered as multi-tenant, the default `common` endpoint (tenant_id = common) is used and RoleManager only needs the client credentials:
{"clientid":"xxxxx","clientsecret":"xxxxx"}
Note that `common` accepts sign-ins from any Azure AD tenant; make sure the issuer (tenant) of the incoming token is validated, otherwise any Azure AD account can authenticate to OneList.
If OneList is registered as single-tenant, the `common` endpoint cannot be used: replace <Tenant_id> with the directory (tenant) ID of the registration and configure RoleManager using this JSON:
{
  "clientid": "xxxxx",
  "clientsecret": "xxxxx",
  "AuthorizationEndpoint": "https://login.microsoftonline.com/<Tenant_id>/oauth2/v2.0/authorize",
  "TokenEndpoint": "https://login.microsoftonline.com/<Tenant_id>/oauth2/v2.0/token",
  "CallbackPath": "/signin-azure",
  "SaveTokens": false,
  "UserNameClaim": "<custom user name claim>"
}
To avoid automatic sign-in with whatever account already has a browser session (SSO), add `prompt=select_account` to the authorization endpoint so Azure AD always shows the account picker:
"AuthorizationEndpointPrompt": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account"
For a single-tenant registration use the <Tenant_id> instead of `common` here as well. Keep `clientsecret` out of source control (environment variable or secret store), and leave `SaveTokens` at false unless OneList needs the access or refresh token later, because true persists those tokens in the authentication cookie.
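The following Python script is an added example, not part of the OneList or RoleManager code: it builds the Azure AD JSON above from the registration details, enforces the single-tenant versus `common` rule and the account-picker prompt, checks that the registered redirect URI ends with the configured CallbackPath, and decodes an ID token (diagnostic only, no signature check) to confirm the tenant, issuer and the custom user-name claim arrived. The function names, the key names (copied from the fragment above, RoleManager's real schema may differ) and the token contents are assumptions for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

LOGIN = "https://login.microsoftonline.com"


def build_rolemanager_config(client_id, client_secret, tenant_id, multi_tenant,
                             username_claim, callback_path="/signin-azure",
                             force_account_picker=True):
    """Return the RoleManager Azure AD settings as a dict (hypothetical helper;
    key names mirror the JSON fragment on this page)."""
    if multi_tenant:
        authority_tenant = "common"          # any Azure AD tenant may sign in
    else:
        # A single-tenant registration is rejected by the /common endpoint.
        if tenant_id in (None, "", "common"):
            raise ValueError("single-tenant registration needs the directory (tenant) ID, not 'common'")
        authority_tenant = tenant_id
    authorize = f"{LOGIN}/{authority_tenant}/oauth2/v2.0/authorize"
    if force_account_picker:
        authorize += "?prompt=select_account"  # always show the account picker
    if not callback_path.startswith("/"):
        raise ValueError("CallbackPath must be an absolute path")
    return {
        "clientid": client_id,
        "clientsecret": client_secret,       # inject from a secret store, never commit
        "AuthorizationEndpoint": authorize,
        "TokenEndpoint": f"{LOGIN}/{authority_tenant}/oauth2/v2.0/token",
        "CallbackPath": callback_path,
        "SaveTokens": False,                 # keep access/refresh tokens out of the cookie
        "UserNameClaim": username_claim,
    }


def check_redirect_uri(config, registered_redirect_uri):
    """True if the URI registered in Azure AD ends with the CallbackPath
    (the app may be hosted under a base path such as /rolemanager)."""
    return urlsplit(registered_redirect_uri).path.endswith(config["CallbackPath"])


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(payload):
    """Constructed test token with a dummy signature; only for feeding inspect_id_token."""
    header = base64.urlsafe_b64encode(b'{"alg":"RS256","typ":"JWT"}').rstrip(b"=").decode()
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    return f"{header}.{body}.sig"


def inspect_id_token(id_token, allowed_tenants, username_claim):
    """Diagnostic decode of an ID token. It does NOT verify the signature (the
    OIDC middleware does that); it only shows which claims Azure AD delivered.
    Returns (ok, reason, username)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        return False, "not a JWS compact serialization", None
    claims = json.loads(_b64url_decode(parts[1]))
    tid = claims.get("tid")
    if tid not in allowed_tenants:
        return False, f"tenant {tid!r} not allowed", None
    # With the common endpoint the issuer is per-tenant; pin it to the tid claim.
    if claims.get("iss") != f"{LOGIN}/{tid}/v2.0":
        return False, "issuer does not match tid", None
    if username_claim not in claims:
        return False, f"custom claim {username_claim!r} missing (OAuth-only provider or claim not configured)", None
    return True, "ok", claims[username_claim]


if __name__ == "__main__":
    cfg = build_rolemanager_config("xxxxx", "xxxxx", "11111111-2222-3333-4444-555555555555",
                                   multi_tenant=False, username_claim="employeeId")
    print(json.dumps(cfg, indent=2))
    # Constructed token: the claims are made up for the demonstration.
    tok = make_unsigned_token({"iss": f"{LOGIN}/11111111-2222-3333-4444-555555555555/v2.0",
                               "tid": "11111111-2222-3333-4444-555555555555",
                               "employeeId": "E123"})
    print(inspect_id_token(tok, {"11111111-2222-3333-4444-555555555555"}, "employeeId"))
```

Run the script after changing the registration: a "custom claim missing" result means the token came from a flow that does not carry custom claims or the claim is not configured on the app registration, and a "tenant not allowed" result shows that the issuer check is doing its job behind the `common` endpoint.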